debian-forge/test/data/manifests/fedora-coreos-container.mpp.yaml
Jonathan Lebon 0331e6f313 stages: add coreos.live-artifacts.mono stage
This adds a new `org.osbuild.coreos.live-artifacts.mono` stage to build
CoreOS Live ISO/PXE artifacts. The code is heavily based on the
`cmd-buildextend-live` script from coreos-assembler [1], but a lot of
things had to be adapted:
- the stage is provided the deployed oscontainer tree, metal, and
  metal4k images as inputs
- we use chroot instead of supermin to execute some commands in the
  context of the target oscontainer
- a bunch of calls that were wrapped by libguestfs for us (e.g.
  mkfs.vfat, mksquashfs), we now have to call ourselves; to retain
  maximum compatibility, we ensured that we still effectively use the
  same args that libguestfs passed

And various other minor adjustments.

Of course, this is not really in line with the OSBuild philosophy
of having smaller-scoped stages. We have labeled this with a .mono
suffix to denote it is monolithic, similar to the existing
`org.osbuild.bootiso.mono` stage today.

Eventually we may be able to break this stage down if we find it worth
the effort. Alternatively the need for it may go away as we align more
with Image Mode.

[1] coreos-assembler at commit 43a9c80e1f: src/cmd-buildextend-live

Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
Co-authored-by: Renata Ravanelli <renata.ravanelli@gmail.com>
2024-12-18 11:09:29 -05:00


version: '2'
mpp-vars:
  # Stateroot name used for the OSTree deployment.
  osname: fedora-coreos
  # Container image reference the deployed system follows for updates.
  # NOTE(review): the ostree-remote-registry:fedora: prefix presumably asks
  # ostree to verify the image against the `fedora` remote's keys -- confirm.
  container_imgref: ostree-remote-registry:fedora:quay.io/fedora/fedora-coreos:stable
  # Container repo and tag pulled for this test. `testing` is a mutable
  # tag. NOTE(review): mpp-resolve-images presumably pins it to a digest
  # when the manifest is preprocessed -- confirm in the generated manifest.
  container_repo: registry.gitlab.com/redhat/services/products/image-builder/ci/images/fedora-coreos
  container_tag: testing
  # Image and partition sizes in MiB (multiplied by 1024 * 1024 where used).
  metal_image_size_mb: 3072
  cloud_image_size_mb: 10240
  bios_boot_size_mb: 1
  efi_system_size_mb: 127
  boot_size_mb: 384
  # Sector sizes in bytes for the regular and the 4k images.
  sector_size: 512
  four_k_sector_size: 4096
  # Extra kernel argument for the deployment: keep the kernel's default
  # CPU-vulnerability mitigations on and let it disable SMT where a
  # mitigation needs that.
  extra_kargs: 'mitigations=auto,nosmt'
  # Filesystem UUIDs and labels. The UUIDs are fixed, publicly known
  # values: they are looked for on boot and, when found, replaced with a
  # fresh random UUID so that every install ends up unique.
  boot_fs_uuid: '96d15588-3596-4b3c-adca-a2ff7279ea63'
  boot_fs_label: boot
  root_fs_uuid: '910678ff-f77e-4a7d-8d53-86f2ac47a823'
  root_fs_label: root
  # Buildroot used for most operations. Building it from the target
  # OSTree contents would keep tool versions matched, but FCOS ships no
  # python and so cannot serve as a buildroot; a generic Fedora buildroot
  # is used instead.
  buildroot: 'name:build'
# Two GPT layouts with the same partitions; they differ only in the sector
# size used to convert the MiB sizes into sector counts.
mpp-define-images:
- id: image
  sector_size:
    mpp-format-int: '{sector_size}'
  size:
    mpp-format-string: '{metal_image_size_mb * 1024 * 1024}'
  table:
    # Fixed disk GUID, shared by both image definitions.
    uuid: '00000000-0000-4000-a000-000000000001'
    label: gpt
    partitions:
    # Type GUID: BIOS boot partition.
    - name: BIOS-BOOT
      type: '21686148-6449-6E6F-744E-656564454649'
      bootable: true
      size:
        mpp-format-int: '{bios_boot_size_mb * 1024 * 1024 / sector_size}'
    # Type GUID: EFI System Partition.
    - name: EFI-SYSTEM
      type: 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B'
      size:
        mpp-format-int: '{efi_system_size_mb * 1024 * 1024 / sector_size}'
    # Type GUID: Linux filesystem data.
    - name: boot
      type: '0FC63DAF-8483-4772-8E79-3D69D8477DE4'
      size:
        mpp-format-int: '{boot_size_mb * 1024 * 1024 / sector_size}'
    # No explicit size is given for the root partition.
    - name: root
      type: '0FC63DAF-8483-4772-8E79-3D69D8477DE4'
- id: image4k
  sector_size:
    mpp-format-int: '{four_k_sector_size}'
  size:
    mpp-format-string: '{metal_image_size_mb * 1024 * 1024}'
  table:
    uuid: '00000000-0000-4000-a000-000000000001'
    label: gpt
    partitions:
    - name: BIOS-BOOT
      type: '21686148-6449-6E6F-744E-656564454649'
      bootable: true
      size:
        mpp-format-int: '{bios_boot_size_mb * 1024 * 1024 / four_k_sector_size}'
    - name: EFI-SYSTEM
      type: 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B'
      size:
        mpp-format-int: '{efi_system_size_mb * 1024 * 1024 / four_k_sector_size}'
    - name: boot
      type: '0FC63DAF-8483-4772-8E79-3D69D8477DE4'
      size:
        mpp-format-int: '{boot_size_mb * 1024 * 1024 / four_k_sector_size}'
    - name: root
      type: '0FC63DAF-8483-4772-8E79-3D69D8477DE4'
pipelines:
# Shared Fedora variables, imported from a sibling manifest fragment.
- mpp-import-pipelines:
    path: fedora-vars.ipp.yaml
# The `build` pipeline (referenced by the `buildroot` variable), imported
# from a fragment and run with the runner matching the Fedora release.
- mpp-import-pipeline:
    path: fedora-build-v2.ipp.yaml
    id: build
  runner:
    mpp-format-string: 'org.osbuild.fedora{release}'
# Pull the container into a pipeline and unpack it as a plain tree.
# The tree mirrors the filesystem seen on a running OSTree system: /usr,
# /var, /etc, ... at the top level, as inside an OSTree deployment, rather
# than only /ostree and /sysroot. Having the plain files accessible lets
# this pipeline serve as a buildroot for some stages or as an input for
# others (e.g. the file_context input of the org.osbuild.selinux stages).
# It is a build-time helper and is not itself used for built artifacts.
#
# NOTE: this is only used as a buildroot on RHCOS (FCOS doesn't ship python).
- name: deployed-tree
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.container-deploy
    inputs:
      images:
        type: org.osbuild.containers
        origin: org.osbuild.source
        mpp-resolve-images:
          images:
          - source: $container_repo
            tag: $container_tag
# tree: the OSTree sysroot that is later copied onto the root filesystem.
- name: tree
  build:
    mpp-format-string: '{buildroot}'
  source-epoch: 1659397331
  stages:
  # Label the root of the tree so no files end up as unlabeled_t. The
  # file_contexts come from the deployed-tree pipeline, i.e. from the
  # policy shipped in the pulled container.
  # https://github.com/coreos/fedora-coreos-tracker/issues/1772
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: tree:///
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
  - type: org.osbuild.ostree.init-fs
  - type: org.osbuild.ostree.os-init
    options:
      osname:
        mpp-format-string: '{osname}'
  - type: org.osbuild.ostree.config
    options:
      repo: /ostree/repo
      config:
        sysroot:
          readonly: true
          bootloader: none
          # Appended to BLS entries other than the default one; see the
          # linked issue for the GRUB user/password rationale.
          # https://github.com/coreos/fedora-coreos-tracker/issues/1333
          bls-append-except-default: 'grub_users=""'
          # Opt in to https://github.com/ostreedev/ostree/pull/2705, which
          # prefixes BLS config entries with /boot. This is safe because
          # OSTree creates a symlink (boot -> .) in the root of the boot
          # filesystem, so /boot paths always resolve.
          bootprefix: true
  - type: org.osbuild.mkdir
    options:
      paths:
      - path: /boot/efi
        # 493 decimal == 0o755 (rwxr-xr-x)
        mode: 493
  - type: org.osbuild.ignition
  # Deploy the container as an OSTree deployment that tracks
  # container_imgref for updates.
  - type: org.osbuild.ostree.deploy.container
    options:
      osname:
        mpp-format-string: '{osname}'
      target_imgref:
        mpp-format-string: '{container_imgref}'
      mounts:
      - /boot
      - /boot/efi
      kernel_opts:
      - rw
      - '$ignition_firstboot'
      - mpp-format-string: '{extra_kargs}'
    inputs:
      images:
        type: org.osbuild.containers
        origin: org.osbuild.source
        mpp-resolve-images:
          images:
          - source: $container_repo
            tag: $container_tag
  - type: org.osbuild.ostree.aleph
    options:
      coreos_compat: true
      deployment:
        default: true
  - type: org.osbuild.ostree.selinux
    options:
      deployment:
        default: true
# raw-image: build disk.img from the `image` layout (512-byte sectors),
# create the EFI (FAT), boot (ext4) and root (XFS) filesystems, label
# them, and populate the disk from the `tree` pipeline.
- name: raw-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.truncate
    options:
      filename: disk.img
      size:
        mpp-format-string: '{image.size}'
  - type: org.osbuild.sfdisk
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
    options:
      mpp-format-json: '{image.layout}'
  - type: org.osbuild.mkfs.fat
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: "{image.layout['EFI-SYSTEM'].start}"
          size:
            mpp-format-int: "{image.layout['EFI-SYSTEM'].size}"
          lock: true
    options:
      label: EFI-SYSTEM
      # Fixed FAT volume ID.
      volid: '7B7795E7'
  - type: org.osbuild.mkfs.ext4
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: "{image.layout['boot'].start}"
          size:
            mpp-format-int: "{image.layout['boot'].size}"
          lock: true
    options:
      uuid:
        mpp-format-string: '{boot_fs_uuid}'
      label:
        mpp-format-string: '{boot_fs_label}'
      # Enable metadata_csum_seed explicitly: without it, changing the
      # filesystem UUID while the filesystem is mounted doesn't work.
      # This can go once metadata_csum_seed is the default in RHEL
      # (check /etc/mke2fs.conf).
      metadata_csum_seed: true
  - type: org.osbuild.mkfs.xfs
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: "{image.layout['root'].start}"
          size:
            mpp-format-int: "{image.layout['root'].size}"
          lock: true
    options:
      uuid:
        mpp-format-string: '{root_fs_uuid}'
      label:
        mpp-format-string: '{root_fs_label}'
  # The filesystems exist now. Create the mountpoint directories on them
  # and give them the appropriate SELinux labels; this also covers files
  # the filesystem generates itself, such as 'lost+found'. Labeling runs
  # twice: once with only the root filesystem mounted, and once with the
  # boot filesystem mounted as well, so that mountpoints that would
  # otherwise be hidden are labeled too.
  # https://github.com/coreos/fedora-coreos-tracker/issues/1771
  - type: org.osbuild.mkdir
    options:
      paths:
      - path: mount://root/boot
        # 493 decimal == 0o755 (rwxr-xr-x)
        mode: 493
      - path: mount://boot/efi
        mode: 493
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /root-mount-point
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image.layout['boot'].partnum}"
      target: /boot-mount-point
  # Labeling pass 1: root filesystem only.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /
  # Labeling pass 2: boot filesystem mounted on top of root.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/boot/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image.layout['boot'].partnum}"
      target: /boot
  # Copy the `tree` pipeline onto the disk with root, boot and efi mounted.
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:tree
    options:
      paths:
      - from: input://tree/
        to: mount://root/
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image.layout['boot'].partnum}"
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: "{image.layout['EFI-SYSTEM'].partnum}"
      target: /boot/efi
  # Bootloader setup through bootupd for the default deployment; the
  # `bios` option names the loopback device declared below.
  - type: org.osbuild.bootupd
    options:
      bios:
        device: disk
      static-configs: true
      deployment:
        default: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image.layout['boot'].partnum}"
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: "{image.layout['EFI-SYSTEM'].partnum}"
      target: /boot/efi
  # Set the immutable attribute on the root directory of the root
  # filesystem, with the default deployment mounted.
  - type: org.osbuild.chattr
    options:
      items:
        mount://root/:
          immutable: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
# raw-4k-image: same sequence of stages as raw-image, but built from the
# `image4k` layout, with every loopback device opened using the 4k sector
# size. The bootupd stage here sets no `bios` option.
- name: raw-4k-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.truncate
    options:
      filename: disk.img
      size:
        mpp-format-string: '{image4k.size}'
  - type: org.osbuild.sfdisk
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    options:
      mpp-format-json: '{image4k.layout}'
  - type: org.osbuild.mkfs.fat
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: "{image4k.layout['EFI-SYSTEM'].start}"
          size:
            mpp-format-int: "{image4k.layout['EFI-SYSTEM'].size}"
          lock: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    options:
      label: EFI-SYSTEM
      # Fixed FAT volume ID.
      volid: '7B7795E7'
  - type: org.osbuild.mkfs.ext4
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: "{image4k.layout['boot'].start}"
          size:
            mpp-format-int: "{image4k.layout['boot'].size}"
          lock: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    options:
      uuid:
        mpp-format-string: '{boot_fs_uuid}'
      label:
        mpp-format-string: '{boot_fs_label}'
      # Enable metadata_csum_seed explicitly: without it, changing the
      # filesystem UUID while the filesystem is mounted doesn't work.
      # This can go once metadata_csum_seed is the default in RHEL
      # (check /etc/mke2fs.conf).
      metadata_csum_seed: true
  - type: org.osbuild.mkfs.xfs
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: "{image4k.layout['root'].start}"
          size:
            mpp-format-int: "{image4k.layout['root'].size}"
          lock: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    options:
      uuid:
        mpp-format-string: '{root_fs_uuid}'
      label:
        mpp-format-string: '{root_fs_label}'
  # The filesystems exist now. Create the mountpoint directories on them
  # and give them the appropriate SELinux labels; this also covers files
  # the filesystem generates itself, such as 'lost+found'. Labeling runs
  # twice: once with only the root filesystem mounted, and once with the
  # boot filesystem mounted as well, so that mountpoints that would
  # otherwise be hidden are labeled too.
  # https://github.com/coreos/fedora-coreos-tracker/issues/1771
  - type: org.osbuild.mkdir
    options:
      paths:
      - path: mount://root/boot
        # 493 decimal == 0o755 (rwxr-xr-x)
        mode: 493
      - path: mount://boot/efi
        mode: 493
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['root'].partnum}"
      target: /root-mount-point
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['boot'].partnum}"
      target: /boot-mount-point
  # Labeling pass 1: root filesystem only.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['root'].partnum}"
      target: /
  # Labeling pass 2: boot filesystem mounted on top of root.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/boot/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['root'].partnum}"
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['boot'].partnum}"
      target: /boot
  # Copy the `tree` pipeline onto the disk with root, boot and efi mounted.
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:tree
    options:
      paths:
      - from: input://tree/
        to: mount://root/
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['root'].partnum}"
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['boot'].partnum}"
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['EFI-SYSTEM'].partnum}"
      target: /boot/efi
  # Bootloader setup through bootupd for the default deployment.
  - type: org.osbuild.bootupd
    options:
      static-configs: true
      deployment:
        default: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['root'].partnum}"
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['boot'].partnum}"
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['EFI-SYSTEM'].partnum}"
      target: /boot/efi
  # Set the immutable attribute on the root directory of the root
  # filesystem, with the default deployment mounted.
  - type: org.osbuild.chattr
    options:
      items:
        mount://root/:
          immutable: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['root'].partnum}"
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
# raw-metal-image: copy raw-image's disk.img and apply the `metal`
# platform setting to its default deployment.
- name: raw-metal-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///disk.img
  - type: org.osbuild.coreos.platform
    options:
      platform: metal
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image.layout['boot'].partnum}"
      target: /boot
# metal: export raw-metal-image's disk.img under the name metal.raw.
- name: metal
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-metal-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///metal.raw
# raw-metal4k-image: copy raw-4k-image's disk.img and apply the `metal`
# platform setting, opening the disk with the 4k sector size.
- name: raw-metal4k-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-4k-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///disk.img
  - type: org.osbuild.coreos.platform
    options:
      platform: metal
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: '{four_k_sector_size}'
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['root'].partnum}"
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image4k.layout['boot'].partnum}"
      target: /boot
# metal4k: export raw-metal4k-image's disk.img under the name metal4k.raw.
- name: metal4k
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-metal4k-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///metal4k.raw
# raw-qemu-image: copy raw-image's disk.img, grow it to the cloud image
# size, and apply the `qemu` platform setting.
- name: raw-qemu-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///disk.img
  # Grow the image file to the cloud image size.
  - type: org.osbuild.truncate
    options:
      filename: disk.img
      size:
        mpp-format-string: '{cloud_image_size_mb * 1024 * 1024}'
  - type: org.osbuild.coreos.platform
    options:
      platform: qemu
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: "{image.layout['root'].partnum}"
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: "{image.layout['boot'].partnum}"
      target: /boot
# qemu: convert raw-qemu-image's disk.img into an uncompressed qcow2
# image named qemu.qcow2.
- name: qemu
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.qemu
    inputs:
      image:
        type: org.osbuild.files
        origin: org.osbuild.pipeline
        references:
          name:raw-qemu-image:
            file: disk.img
    options:
      filename: qemu.qcow2
      format:
        type: qcow2
        compression: false
        # Quoted so it stays the string '1.1' rather than a float.
        compat: '1.1'
# live: build the CoreOS live artifacts (ISO, kernel, initramfs, rootfs)
# with the monolithic live-artifacts stage. Inputs are the deployed-tree
# pipeline plus the metal.raw and metal4k.raw images; output file names
# carry the target architecture.
- name: live
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.coreos.live-artifacts.mono
    inputs:
      deployed-tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
      metal:
        type: org.osbuild.files
        origin: org.osbuild.pipeline
        references:
          name:metal:
            file: /metal.raw
      metal4k:
        type: org.osbuild.files
        origin: org.osbuild.pipeline
        references:
          name:metal4k:
            file: /metal4k.raw
    options:
      filenames:
        live-iso:
          mpp-format-string: 'coreos-live-iso.{arch}.iso'
        live-kernel:
          mpp-format-string: 'coreos-live-kernel.{arch}'
        live-initramfs:
          mpp-format-string: 'coreos-live-initramfs.{arch}.img'
        live-rootfs:
          mpp-format-string: 'coreos-live-rootfs.{arch}.img'